6.5CVSS
6.5AI Score
0.001EPSS
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data.
5.9CVSS
5.6AI Score
0.002EPSS
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1 . We recommend that all users running self-hosted charm instances update immediately. This vulner...
9.8CVSS
9.4AI Score
0.002EPSS
Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.
6.2CVSS
4AI Score
0.0004EPSS
Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.
6.2CVSS
5.3AI Score
0.0004EPSS